A Microservice based Architecture for a Presence Service in the Cloud

Presence service enables sharing of, and a subscription to the end users presence (online or offline) status. Primarily used for instant messaging applications, the presence service now finds its way into innovative solutions for domains such as wireless sensor networks and Internet of Things. The growth in users of instant messaging applications is ever increasing since the advent of social media networks. Presence service needs to be highly scalable to handle growing load of the users. Moreover, the user activity is inherently dynamic in nature which requires the presence service to be highly elastic to utilise resources efficiently. Traditional presence services are built as monoliths. Monolithic architectures by design are difficult to scale, lacks elasticity and are resource inefficient. Moreover, overprovisioning of resources to handle unanticipated loads further adds to resource inefficiency. Cloud computing and microservices are emerging paradigms that can help tackling the challenges above. Cloud computing with three key facets: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) enable rapid provisioning and release of resources (e.g. storage, compute, network) on demand. Microservices is an approach of developing applications as a set of smaller, independent, and individually scalable services which communicate with each other using lightweight protocols. The on-demand nature of cloud computing provides a platform to achieve elastic scalability whereas microservices increase the scalability of the architecture. This thesis presents a microservice architecture for a presence service in the cloud. The architecture is based on a state of the art business model. The proposed architecture has three main components: A stateless front-end, a repository and a cache. The front end is built as a set of microservices exposed as SaaS. The front end, to remain technology agnostic, communicates with the repository using the Representational State Transfer (REST) interface. The cache provides fast data access to the front end. The front end microservices use message queues to communicate with each other. Besides, to check the feasibility of the architecture, a proof of concept prototype is implemented for a Session Initiation Protocol for Instant Messaging and Presence (SIMPLE) based presence service. Performance measurements have been made for the proposed and traditional architectures. Also, a comparative analysis of the results is done. The analysis of the results shows that the proposed architecture provides the desired scalability and elasticity to the presence service. Moreover, the proposed architecture provides lower response time and higher throughput in comparison to the traditional architecture

A Comprehensive Security Framework for Securing Sensors in Smart Devices and Applications

This doctoral dissertation introduces novel security frameworks to detect sensor-based threats on smart devices and applications in smart settings such as smart home, smart office, etc. First, we present a formal taxonomy and in-depth impact analysis of existing sensor-based threats to smart devices and applications based on attack characteristics, targeted components, and capabilities. Then, we design a novel context-aware intrusion detection system, 6thSense, to detect sensor-based threats in standalone smart devices (e.g., smartphone, smart watch, etc.). 6thSense considers user activity-sensor co-dependence in standalone smart devices to learn the ongoing user activity contexts and builds a context-aware model to distinguish malicious sensor activities from benign user behavior. Further, we develop a platform-independent context-aware security framework, Aegis, to detect the behavior of malicious sensors and devices in a connected smart environment (e.g., smart home, offices, etc.). Aegis observes the changing patterns of the states of smart sensors and devices for user activities in a smart environment and builds a contextual model to detect malicious activities considering sensor-device-user interactions and multi-platform correlation. Then, to limit unauthorized and malicious sensor and device access, we present, kratos, a multi-user multi-device-aware access control system for smart environment and devices. kratos introduces a formal policy language to understand diverse user demands in smart environment and implements a novel policy negotiation algorithm to automatically detect and resolve conflicting user demands and limit unauthorized access. For each contribution, this dissertation presents novel security mechanisms and techniques that can be implemented independently or collectively to secure sensors in real-life smart devices, systems, and applications. Moreover, each contribution is supported by several user and usability studies we performed to understand the needs of the users in terms of sensor security and access control in smart devices and improve the user experience in these real-time systems

Permissão para partilha seletiva em ambientes IoT

The increasing use of smart devices for monitoring spaces has caused an increase in concerns about the privacy of users of these spaces. Given this problem, the legislation on the right to privacy has been worked to ensure that the existing laws on this subject are sufficiently comprehensive to preserve the privacy of users. In this way, research on this topic evolves in the sense of creating systems that ensure compliance with these laws, that is, increase transparency in the treatment of user data. In the context of this dissertation, a demonstrator-based strategy is presented to provide users control over their stored data during the temporary use of an intelligent environment. In addition, this strategy includes transparency guarantees, highlights the right to forgetting, provides the ability to consent and proof of that consent. A strategy for privacy control in such environments is also mentioned in this paper. This dissertation was developed within the CASSIOPEIA project where the case study focuses on the SmartBnB problem where a user rents a smart home for a limited time. This paper presents the developed system that ensures the user’s privacy and control over their data.O uso crescente de dispositivos inteligentes para monitorização de espaços tem provocado um aumento das preocupações sobre a privacidade dos utilizadores destes espaços. Face a este problema, a legislação sobre o direito à privacidade tem sido trabalhada de forma a garantir que as leis existentes sobre este tema são suficientemente abrangentes para preservar a privacidade dos utilizadores. Desta forma, a investigação neste tópico evolui no sentido de criar sistemas que garantam o cumprimento destas leis, ou seja aumentam a transparência no tratamentos dos dados dos utilizadores. No contexto desta dissertação, é apresentada uma estratégia baseado num demonstrador para fornecer um controlo ao utilizador sobre os seus dados armazenados durante a utilização temporária de um ambiente inteligente. Para além disso, esta estratégia inclui garantias de transparência, evidencia o direito ao esquecimento, fornece a capacidade de consentimento e prova desse consentimento. É também mencionada neste documento uma estratégia para um controlo de privacidade neste tipo de ambientes. Esta dissertação foi desenvolvida no âmbito do projeto CASSIOPEIA onde o caso de estudo se foca no SmartBnB problem onde um utilizador arrenda uma casa inteligente durante um tempo limitado. Este documento apresenta o sistema desenvolvido que garante a privacidade e controlo do utilizador sobre os seus próprios dados.This work is partially funded by NGI Trust, with number 3.85, Pro-ject CASSIOPEIA.Mestrado em Engenharia de Computadores e Telemátic

WearIoT: swearable IoT human emergency system

A área da saúde foi uma das muitas beneficiadas com a evolução tecnológica, dando origem a novos conceitos que visam melhorar ou mesmo prolongar a vida das pessoas. Os sistemas de monitorização vestíveis, juntamente com as comunicações sem fios, são a base de uma classe emergente de redes de sensores. Estas tecnologias de informação permitem a deteção precoce de condições anormais e ajudam na sua prevenção. O objetivo é criar um destes sistemas compostos por uma rede de sensores que é implementada numa peça de roupa através de fios condutores com sensores conectados. Em contato com o corpo humano tem a função de fazer várias leituras, e.g., temperatura corporal, pulsação, entre outras. Outro objetivo é detetar quedas do utilizador. A deteção de quedas é cada vez mais importante para o utilizador, pois é uma situação que pode colocar em risco a sua saúde. Para o desenvolvimento deste conceito, são utilizadas Comunicações Móveis e o Sistema de Posicionamento Global. A primeira é uma tecnologia que permite criar chamadas de emergência em resposta a alarmes do sistema, o segundo indica qual a sua posição geográfica. Para complementar o sistema, existe uma plataforma online que regista a posição do utilizador tal como os seus dados. Tem também uma área de alertas no qual o utilizador pode verificar os seus valores preocupantes. Em caso de emergência o sistema contacta os serviços de emergência ou em casos especiais a ajuda pode ser obtida através de um UAV.The health area was one of the many beneficiaries of technological evolution, giving rise to new concepts that aim to improve or even prolong people’s lives. Wearable monitoring systems, along with wireless communications, form the basis of an emerging class of sensor networks. These information technologies enable the early detection of abnormal conditions and help in their prevention. The goal is to create one of these systems composed by a network of sensors that is implemented in a garment through conductive wires with connected sensors. In contact with the human body it has the function of doing several readings, e.g., body temperature, heartbeat, among others. Another goal is to detect user falls. The detection of falls is increasingly important for the user, as it is a situation that can endanger people’s health. For the development of this concept, Mobile Communications and the Global Positioning System are used. The first is a technology that allows to create emergency calls in response to system alarms, the second indicates the geographical location. To complement the system there is an online platform that registers the position of the user as well as his data. There is also an alert area in which the user can check his alarming values. In case of emergency the system contacts the emergency services or in special cases help can be obtained through an UAV

Feature-based generation of pervasive systems architectures utilizing software product line concepts

As the need for pervasive systems tends to increase and to dominate the computing discipline, software engineering approaches must evolve at a similar pace to facilitate the construction of such systems in an efficient manner. In this thesis, we provide a vision of a framework that will help in the construction of software product lines for pervasive systems by devising an approach to automatically generate architectures for this domain. Using this framework, designers of pervasive systems will be able to select a set of desired system features, and the framework will automatically generate architectures that support the presence of these features. Our approach will not compromise the quality of the architecture especially as we have verified that by comparing the generated architectures to those manually designed by human architects. As an initial step, and in order to determine the most commonly required features that comprise the widely most known pervasive systems, we surveyed more than fifty existing architectures for pervasive systems in various domains. We captured the most essential features along with the commonalities and variabilities between them. The features were categorized according to the domain and the environment that they target. Those categories are: General pervasive systems, domain-specific, privacy, bridging, fault-tolerance and context-awareness. We coupled the identified features with well-designed components, and connected the components based on the initial features selected by a system designer to generate an architecture. We evaluated our generated architectures against architectures designed by human architects. When metrics such as coupling, cohesion, complexity, reusability, adaptability, modularity, modifiability, packing density, and average interaction density were used to test our framework, our generated architectures were found comparable, if not better than the human generated architectures